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IN THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (Currently Amended) A method for automated adaptive reprovisioning of servers 
under security assault, the method comprising: 

detecting a security assault or a possible security assault on a first server; and 

reprovisioning by automatically creating a new server instance with a desired 
new server configuration to perform at least one of the tasks performed by said first 
serve r, wherein said desired new server configuration for said new server instance is 
selected from a plurality of new server configurations . 

2. (Original) The method of claim 1, wherein said detecting comprises determining 
if said first server is a candidate for reprovisioning, because of properties or behavior 
that suggest its security has been compromised or is likely to be compromised, or its 
functioning otherwise unacceptably impaired, by a security assault. 

3. (Original) The method of claim 1, wherein said reprovisioning comprises 
automatically bringing up said new server instance, or otherwise making available said 
new server instance to customers or other users of said first server 

4. (Original) The method of claim 1, further comprising bringing down said first 
server prior to said reprovisioning. 
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5. (Original) The method of claim 1, wherein said new server instance brought up 
in said reprovisioning differs from said first server in at least one parameter. 

6. (Original) The method of claim 1, wherein a difference between said new server 
instance and said first server is responsive to whether or not other security incidents 
have been detected in a network to which said servers are coupled. 

7. (Original) The method of claim 1, wherein a difference between said new server 
instance and said first server is responsive to a nature of any other security incidents 
that have been detected in said network to which said servers are coupled. 

8. (Original) The method of claim 1, wherein a difference between said new server 
instance and said first server is responsive to a probable compromise or a functional 
impairment observed in said detection. 

9. (Original) The method of claim 1, wherein a difference between said new server 
instance and said first server includes a version of server software used by said servers. 

10. (Original) The method of claim 1, wherein a difference between said new server 
instance and said first server includes a version of operating system software used by 
said servers. 
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11. (Original) The method of claim 1, wherein a difference between said new server 
instance and said first server includes a version of network connectivity software used 
by said servers. 

12. (Original) The method of claim 1, wherein a difference between said new server 
instance and said first server includes strength of encryption used by said servers. 

13. (Original) The method of claim 1, wherein a difference between said new server 
instance and said first server includes a degree of function offered to users by said 
servers. 

14. (Original) The method of claim 1, wherein said new server instance brought up 
in said reprovisioning differs from said first server only if more than a fixed number of 
instances of probable server compromise have been observed. 

15. (Original) The method of claim 1, wherein a difference between said new server 
instance and said first server is responsive to a number of probable server 
compromises that have been observed. 

16. (Original) The method of claim 1, wherein said server comprises a computer 
providing services through a network. 

17. (Original) The method of claim 1, wherein said server comprises a program 
running on a network-coupled computer, providing services through a network. 

Page 4 

PACE 9/17 ■ RCVD AT 6/18/2007 6:15:25 PM [Eastern Daylight Time] ■ SVR:USPTO*EFXRF.1/14 * DNIS:2738300 * CSID:732 530 9S08 « DURATION (mm-ss):06-06 



06/18/2007 18:18 FAX 732 530 9808 



PATTERSON & SHERIDAN -> PTO 



©010/017 



PATENT 

Atty. DXt. No. YOR920030570US1 

18. (Cancelled) 

19. (Currently Amended) The method of claim [[18]] 1, wherein said selecting said 
desired new server configuration for said new server instance comprises selecting a 
new server configuration from a table of new server configurations. 

20. (Currently Amended) The method of claim [[18]] 1, wherein said selecting said 
desired new server configuration for said new server instance comprises randomly 
selecting a new server configuration from among all new server configurations in a 
table. 

21. (Currently Amended) The method of claim [[18]] 1, wherein said selecting said 
desired new server configuration for said new server instance comprises randomly 
selecting a new server configuration from among all new server configurations in a table 
for which no probable compromise has been observed. 

22. (Currently Amended) The method of claim [[18]] I, wherein said selecting said 
desired new server configuration for said new server instance comprises indexing into a 
table according to a number of times a server providing a function of said first server 
has been subject to probable compromise. 

23. (Currently Amended) A computer-readable medium having stored thereon a 
plurality of instructions for automated adaptive reprovisioning of servers under security 
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assault, said plurality of instructions including instructions which, when executed by a 
processor, cause said processor to perform: 

detecting a security assault or a possible security assault on a first server; and 

reprovlsioning by automatically creating a new server instance with a desired 
new server configuration to perform at least one of the tasks performed by said first 
serve r, wherein said desired new server configuration for said new server instance is 
selected from a plurality of new server configurations . 

24. (Original) The computer-readable medium of claim 23, wherein said detecting 
comprises determining if said first server is a candidate for reprovisioning, because of 
properties or behavior that suggest its security has been compromised or is likely to be 
compromised, or its functioning otherwise unacceptably impaired, by a security assault 

25. (Original) The computer-readable medium of claim 23, wherein said 
reprovisioning comprises automatically bringing up said new server instance, or 
otherwise making available said new server instance to customers or other users of said 
first server. 

26. (Original) The computer-readable medium of claim 23, further comprising 
bringing down said first server prior to said reprovisioning. 

27. (Original) The computer-readable medium of claim 23, wherein said new server 
instance brought up in said reprovisioning differs from said first server in at least one 
parameter. 
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28. (Original) The computer-readable medium of claim 23, wherein a difference 
between said new server instance and said first server is responsive to whether or not 
other security incidents have been detected in a network to which said servers are 
coupled. 

29. (Original) The computer-readable medium of claim 23, wherein a difference 
between said new server instance and said first server is responsive to a nature of any 
other security incidents that have been detected in said network to which said servers 
are coupled. 

30. (Currently Amended) A system for automated adaptive reprovisioning of servers 
under security assault, the system comprising: 

a first server; 

a security monitor, coupled to said first server, for detecting if said first server is a 
candidate for automatic reprovisioning with a new server instance having a desired new 
server configuration : and 

a provisioned coupled to said first server, for automatically reprovisioning said 
server with said new server instance if said server is such a candidate , wherein said 
desired new server configuration for said new server instance is selected from a 
plurality of new server configurations . 
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